HP USE ONLY. VLANs. Objectives. Module 6

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HP USE ONLY. VLANs. Objectives. Module 6"

Transcription

1 VLANs Module 6 Objectives This module reviews strategies for properly integrating your wireless solution into a wired infrastructure. You will use what you have learned about connecting the MSM Controller to the network, deploying APs, and forwarding both access-controlled and non-access-controlled client traffic onto the wired network. After completing this module, you should be able to: Apply network profiles in the correct way to fulfill specific functions: Manage the MSM Controller Manage MSM APs Forward wireless client traffic in the desired VLAN in non-access-controlled VSCs Map wired traffic to an access-controlled VSC Forward client traffic in the desired VLAN in access-controlled VSCs Implement user-based VLANs and predict how they interact with static VLANs Enable access-controlled clients to receive IP addresses from a network DHCP server NOTES Rev

2 Implementing and Troubleshooting HP Wireless Networks Discussion topics Figure 6-1: Discussion topics Begin by reviewing the standard strategies for deploying various models of MSM Controller. 6 2 Rev

3 VLANs Basic solution for connecting the MSM Controller Figure 6-2: Basic solution for connecting the MSM Controller The figure displays an example network which you will examine throughout this module. The figure has been simplified to show a group of edge switches and two core routing switches, which, as an HP Intelligent Resilient Framework (IRF) group, functions as a single entity. The lines between these switches do not represent the precise physical connections but rather indicate Layer 2 connectivity of some sort. In addition, lines to the user VLAN and the server VLAN do not necessarily show all intervening devices. You are primarily interested in the switch ports that connect directly to your MSM products, so the figure focuses on those. Table 6-1 indicates the VLANs used in this network. The final column specifies the subnet assigned to each VLAN and, specifically, the IP address of the VLAN s default gateway. Although the figure, for simplicity, shows switches in the Management VLAN, these switches actually support all VLANs at the site. Throughout this module, remember that all of the VLANs at the site are extended through the switch infrastructure. Table 6-1: Corporate LAN VLANs VLAN purpose VLAN ID Default gateway (core routing Management (infrastructure devices) /24 Users /23 Servers /24 Rev

4 Implementing and Troubleshooting HP Wireless Networks Questions You are deploying an MSM760 Access Controller in this infrastructure. The network administrators have assigned the controller an IP address in VLAN 8, /24. You will manage the controller on that IP address. 1. Unless you have a specific reason to choose a different design, where should you configure this IP address on the controller? 2. Which MSM760 port do you connect to the switch? 3. What untagged or tagged VLAN do you configure on the switch port? NOTES 6 4 Rev

5 VLANs Deploying MSM APs at a single site Questions Figure 6-3: Deploying MSM APs at a single site Following best practices, the network administrators have created a new VLAN and subnet for the APs, VLAN 32 and /24. The APs connect to the switch ports that are untagged on VLAN 32 (you could also provision the APs to connect on tagged ports). Placing the APs on their own VLAN prevents someone from disconnecting the AP, connecting their own device, and receiving access on the switch management VLAN. In this solution, the network DHCP server provides the IP addresses for the APs. Table 6-2: Corporate LAN VLANs + AP VLAN VLAN purpose VLAN ID Default gateway Management (infrastructure devices) /24 Users /23 Servers /24 APs /24 For now, with all APs in one VLAN at a single site, the administrators do not want to create a Layer 3 discovery solution for them. 1. The APs default gateway address is /24, and the gateway also provides DHCP relay services. Should this address belong to the MSM Controller or the core routing switch? Rev

6 Implementing and Troubleshooting HP Wireless Networks 2. In an environment such as this, you could have APs discover the controller at Layer 2 or at Layer 3. Which solution would you choose? Answer the questions for a Layer 2 discovery strategy. 3. Do you need to create a network profile on the MSM Controller to meet the company s requirements? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 4. Do you need to make any other changes on the controller to meet this requirement? If so, what are the changes? 6 6 Rev

7 VLANs 5. Do you need to change the VLAN assignments on the switch port assigned to the MSM Controller? If so, what are the changes? 6. Do you need to make other changes to network services or the network infrastructure? Now assume that you have decided to use Layer 3 discovery instead of Layer 2 discovery. Assume that the controller has the Internet port network settings described earlier, but otherwise is using default settings. Answer the questions for a Layer 3 discovery strategy. 7. Do you need to create a network profile on the MSM Controller to meet the company s requirements? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? Rev

8 Implementing and Troubleshooting HP Wireless Networks c. Does the profile require an IP interface? If so, what are the requirements? 8. Do you need to make any other changes on the controller to meet this requirement? If so, what are the changes? 9. Do you need to change the VLAN assignments on the switch port assigned to the MSM Controller? If so, what are the changes? 10. Do you need to make other changes to network services or the network infrastructure? If so, what are the changes? 6 8 Rev

9 VLANs Deploying MSM APs at multiple sites Figure 6-4: Deploying MSM APs at multiple sites Now assume that the company has deployed MSM APs at several sites. The core routing switch supports the VLANs indicated in Table 6-2 and also knows routes to the networks at site 2. The APs at site 2 require Layer 3 discovery, so the company has decided to implement this type of discovery for all APs. The APs can reside on their own dedicated VLAN at each site and discover the MSM760 at its management IP address, The company has both a DNS server and a DHCP server that can inform the APs of the controller s address. In this solution, the DHCP server does so. The following figure provides a detailed look at the controller s current ports and IP interfaces. As you can see, the controller s untagged LAN port interface is using a default IP address of /24, but the physical LAN port is not connected. Rev

10 Implementing and Troubleshooting HP Wireless Networks Figure 6-5: Internal view of the IP interfaces on the MSM760 ports You will now focus on configuring ports on the MSM765 zl Rev

11 VLANs Special considerations for deploying the MSM765 zl Figure 6-6: Special considerations for deploying the MSM765 zl The MSM765 zl Premium Mobility Controller is a module that resides inside an HP zl Series switch. You treat <slot>1 and <slot>2 like the switch ports that connect to controller s Internet and LAN ports, respectively. However, rather than disable <slot>2 to mimic leaving the port unconnected, you should isolate the LAN port by placing <slot>2 in an unused VLAN. NOTES Rev

12 Implementing and Troubleshooting HP Wireless Networks Special considerations for deploying an MSM720 Figure 6-7: Special considerations for deploying an MSM720 The MSM720 ports are switch ports rather than router ports, so you can assign the same VLAN and IP interface to multiple physical ports. You can also group ports into link aggregation groups (called trunks), which operate in either static or LACP active mode. These features give you additional flexibility in setting up VLANs on the MSM720 and connecting the device to the network. The figure shows one example of a design: The administrator assigns the controller s management IP address, /24, to the Internet network profile and changes the profile s VLAN ID to 8. The administrator creates a new network profile for the APs VLAN and assigns the profile VLAN ID 32 and IP address /24. The administrator places ports 1 and 2 in Trunk 1, a static link aggregation group, which connects to a switch that supports APs. (In the real world, several switches might support the APs.) The administrator assigns the AP VLAN as the untagged VLAN on Trunk 1. This VLAN replaces the default untagged VLAN, Access network. Connecting the APs directly to the controller means that the core routing switches do not need to handle their traffic. The administrator places ports 5 and 6 in Trunk 2, a static link aggregation group that connects to both core routing switches. The administrator is able to create a link aggregation for these redundant links to different physical chassis because the devices are part of an HP IRF group Rev

13 VLANs Note You could create a similar solution when the MSM720 connects to switches that do not support IRF. The switches would need to support a distributed trunking protocol. Trunk 2 supports the Internet network as the untagged VLAN. The AP switch connects to the core IRF group on both VLAN 8 and VLAN 32. This configuration enables the APs to reach the core routing switch and receive IP addresses through DHCP relay. You need to take care not to introduce a loop in any VLAN so as to prevent broadcast storms from interfering with connectivity. In this example, the AP switch connects to the MSM720 and the core IRF group on VLAN 32. However, the MSM720 and core IRF group do not need to connect on this VLAN, and no loop is introduced. Similarly, the MSM720 and two AP switches connect to the core IRF group on VLAN 8, but not to each other. As you see, this design features high bandwidth and redundancy for both connections to APs and to the corporate LAN core. At this point, high bandwidth is not truly necessary, but, as you have learned, APs might tunnel client traffic on Trunk 1, and the controller might forward that traffic out Trunk 2. Additional guidelines on link aggregation groups Follow these guidelines when creating a link aggregation groups: A static link aggregation group supports up to two links. Use static mode when possible because this option provides greater flexibility. A static link aggregation group supports both tagged and untagged VLAN assignments. You can also select different VLAN assignments for different trunks. Use an LACP link aggregation group when you require up to four standby links in addition to two active links. An LACP link aggregation group only supports untagged traffic in the default VLAN. By default, the Access network acts as the default VLAN, but you can change this setting so that any network profile is the default VLAN. To prevent loops, disable the ports before you add them to a link aggregation group. Finish adding ports to the group and assigning VLANs to the group. Only then should you re-enable the ports. Rev

14 Implementing and Troubleshooting HP Wireless Networks Discussion topics Figure 6-8: Discussion topics You now will review how to assign clients to VLANs and ensure that the wired infrastructure can receive that traffic. The solution depends largely on whether clients connect to access-controlled or non-access-controlled VSCs. You will review non-accesscontrolled VSCs first, as this is the simpler scenario Rev

15 VLANs Forwarding non-access-controlled clients on a VLAN Questions Figure 6-9: Forwarding non-access-controlled clients on a VLAN The company has a VSC for an employees WLAN that implements WPA/WPA2 and 802.1X authentication. The company wants all of these clients to receive IP addresses and forward their traffic in the same VLAN as employees with wired connections. 1. Do you need to create a network profile to meet this requirement? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? Rev

16 Implementing and Troubleshooting HP Wireless Networks 2. Do you need to make any other changes on the controller to meet this requirement? If so, what are the changes? 3. Where does the clients traffic enter the corporate LAN wired infrastructure? Which switch ports require a change in VLAN assignment, and what is that change? 4. In the figure on the previous page, trace the traffic flow between an authenticated wireless client and a server. The figure does not show all physical links and their VLAN assignments. Assume that the switch-to-switch links carry all VLANs Rev

17 VLANs Multiple VLANs for non-access-controlled clients: Location-based Figure 6-10: Multiple VLANs for non-access-controlled clients: Location-based An MSM solution can span multiple sites. Sometimes, the sites connect through a Layer 2 technology such as fiber-based Ethernet, a Layer 2 Multiple Protocol Label Switching (MPLS), or Virtual Private LAN Service (VPLS). In that case, you can plan the VLANs as for a single site. Many sites, however, connect over routed links. Sometimes a company uses the same VLAN IDs for the same purposes at every site even though the VLANs are associated with different subnets. For example, VLAN 16 at the main site is associated with /23, but VLAN 16 at site 2 is associated with /24. In this case, you can assign users to the same VLANs no matter where they connect. Often, though, each site has its own set of VLANs, and the MSM APs must forward users traffic in the correct VLAN for the location. The figure illustrates a solution of this type. Table 6-3: Corporate LAN VLANs at site 1 VLAN purpose VLAN ID Default gateway Management (infrastructure devices) /24 Users /23 Servers /24 APs /24 Rev

18 Implementing and Troubleshooting HP Wireless Networks Question Table 6-4: Corporate LAN VLANs at site 2 VLAN purpose VLAN ID Default gateway Management (infrastructure devices) /24 Users /24 APs /24 How do you adjust the solution so that APs at the main site forward wireless users traffic on VLAN 16 but APs at site 2 forward wireless users traffic in VLAN 216? 6 18 Rev

19 VLANs Multiple VLANs for non-access-controlled clients: User-based Figure 6-11: Multiple VLANs for non-access-controlled clients: User-based Now the company wants to divide users into different VLANs based on their identity. Assume that the controller is acting as the RADIUS server. In Module 4: Wireless Security, you learned how to create local user accounts for authenticating users, and in Module 5: Guest Solutions, you learned how to apply account profiles to user accounts. Although non-access-controlled profiles support fewer settings than accesscontrolled ones, they allow you to set an egress VLAN. The non-access-controlled user s egress VLAN is a bit different from an accesscontrolled user s egress VLAN. The non-access-controlled user s egress VLAN is simply a dynamic RADIUS VLAN. It overrides the VLAN ID assigned in the VSC binding; the AP then forwards the user s traffic with that VLAN ID. The AP can forward other users traffic with other IDs. You can specify any VLAN ID in the account profile. The ID does not have to exist in a network profile on the MSM Controller. Of course, the VLAN should exist in the network infrastructure. Based on these guidelines, plan a solution for a hospital with two user groups: Billing staff = VLAN 18 Medical staff = VLAN 20 Rev

20 Implementing and Troubleshooting HP Wireless Networks Question Table 6-5: Corporate LAN VLANs, including multiple user VLANs VLAN purpose VLAN ID Default gateway Management (infrastructure devices) /24 Billing staff /23 Medical staff /23 Servers /24 APs /24 How do you adjust the solution to meet these requirements? 6 20 Rev

21 VLANs Discussion topics Figure 6-12: Discussion topics Next you will review how to establish subnets for access-controlled clients as well as how to control where the clients traffic is forwarded in the protected network. Rev

22 Implementing and Troubleshooting HP Wireless Networks Goals for the review Figure 6-13: Goals for the review You will look at three types of access-controlled traffic so that you can practice creating solutions for each: Wireless traffic that is tunneled to the controller Wired traffic Wireless traffic that is not tunneled to the controller Typically, your solution would feature either tunneled or non-tunneled wireless traffic, depending on the needs of the environment. To either of those solutions, you could add wired traffic. Therefore, you will first examine tunneling wireless guests traffic and assigning the guests to a subnet without VLANs. You will then review how you can use VLANNs to apply the solution to wired guests. From there, you will move on to solutions for egressing the guests traffic. Only then will you review the alternative solutions, in which both wired and wireless users are placed on an unprotected VLAN Rev

23 VLANs Assigning guests to a subnet without VLANs Figure 6-14: Assigning guests to a subnet without VLANs The company is now adding a VSC for guests to the solution. The controller will handle the traffic as well as implement Web authentication (Web-Auth) to its own guest accounts. Guests are assigned to subnet /23, which does not exist anywhere else in the network. For now, assume that the MSM Controller will act as the DHCP server. For a use case such as this, you can easily implement the solution without adding a VLAN for the guests. Questions: Default VSC Explain how you can meet the requirements when you use the default VSC for the Guest WLAN. 1. Do you need to create a network profile to meet this requirement? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? Rev

24 Implementing and Troubleshooting HP Wireless Networks b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are those changes? 3. What VSC settings do you establish? What VSC binding settings? 6 24 Rev

25 VLANs 4. Do you need to make any other changes to the controller configuration? If so, what are the changes? Questions: Other VSC Explain how you can meet the company s requirements when you use another VSC for the Guest WLAN. 1. Do you need to create a network profile to meet this requirement? If so, answer the following questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? Rev

26 Implementing and Troubleshooting HP Wireless Networks c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are the changes? 3. What VSC settings do you establish? What VSC binding settings? 4. Do you need to make any other changes to the controller configuration? If so, what are the changes? 6 26 Rev

27 VLANs Using VLANs to apply access control to wired clients Figure 6-15: Using VLANs to apply access control to wired clients Currently, all unused switch ports at the main site are assigned to VLAN 1, which does not provide network access. The company wants the controller to use its guest VSC to provide controlled network access and Web-Auth for any user who connects to one of these ports. Questions: Default VSC Explain how you can meet the requirements when you use the default VSC for the Guest WLAN. 1. Do you need to create a network profile to meet this requirement? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? Rev

28 Implementing and Troubleshooting HP Wireless Networks b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are these changes? 3. What VSC settings do you need to change, if any? What VSC binding settings? 4. Do you need to make any other changes to the controller configuration? If so, what are the changes? 6 28 Rev

29 VLANs Questions: Other VSC Explain how you can meet the company s requirements when you use another VSC for the Guest WLAN. 1. Do you need to create a network profile to meet this requirement? If so, answer the following questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are these changes? Rev

30 Implementing and Troubleshooting HP Wireless Networks 3. What VSC settings do you need to change, if any? What VSC binding settings? 4. Do you need to make any other changes to the controller configuration? If so, what are the changes? 6 30 Rev

31 VLANs Using VLANs to route authenticated guest traffic Questions Figure 6-16: Using VLANs to route authenticated guest traffic The company now wants to route all authenticated guest traffic on VLAN 64, subnet /24, which connects directly to the Internet gateway. The table shows the subnets associated with the VLANs shown in the figure. (The company might have more subnets, but they are not relevant to this solution.) Devices in the corporate LAN are the default gateways for all subnets except Guests. The controller routes guest traffic. Table 6-6: Corporate LAN VLANs VLAN purpose VLAN ID Default gateway Guests 1 (or none) /23 Management (infrastructure devices) /24 Users /23 Servers /24 APs (main site) /24 Internet /24 APs (site 2) /24 Users (site 2) /24 1. Do you need to create a network profile to meet this requirement? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? Rev

32 Implementing and Troubleshooting HP Wireless Networks b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are they? 3. Do you need to make any other changes on the MSM Controller? If so, what are they? 6 32 Rev

33 VLANs Assigning user-based VLANs for routing authenticated guest traffic Questions Figure 6-17: Assigning user-based VLANs for routing authenticated guest traffic Next assume that a hospital wants to route different guests traffic out different VLANs. The MSM Controller routes normal visitors traffic directly to the Internet router on VLAN 64. Visiting students, however, are allowed access to a bank of resources; a gateway in VLAN 72 handles their traffic and applies the correct access controls. Table 6-7: Corporate LAN VLANs VLAN purpose VLAN ID Default gateway Guests 1 (or none) /23 Management (infrastructure devices) /24 Users /23 Servers /24 APs /24 Internet /24 Student LAN /24 Adjust the solution that you have established up to this point to meet these requirements. 1. Do you need to create a network profile to meet this requirement? Rev

34 Implementing and Troubleshooting HP Wireless Networks If so, answer the following questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are they? 3. Do you need to make any other changes on the MSM Controller? If so, what are they? 6 34 Rev

35 VLANs Review traffic flow Questions Figure 6-18: Review traffic flow What is the traffic flow for various guest users? At each step, indicate whether the device tunnels the traffic, forwards the traffic toward its destination at Layer 2, or routes the traffic. For these questions, assume that users have authenticated. 1. How is traffic for a wireless visitor at the main site forwarded? Rev

36 Implementing and Troubleshooting HP Wireless Networks 2. How is traffic for a student visitor at site 2 forwarded? 3. How is traffic forwarded for a visitor with an Ethernet connection to VLAN 1 at the main site? 6 36 Rev

37 VLANs Alternatives: Using VLANs to implement access control for wireless clients Figure 6-19: Alternatives: Using VLANs to implement access control for wireless clients VLAN 1 establishes an unprotected network in which users can reach any resources deployed there. Now consider a situation in which the company wants to place unauthenticated wireless guests in this VLAN as well. This solution works only for guests connected to APs that can obtain a Layer 2 connection to the controller (whether the APs are deployed at the same site or whether a remote site has a Layer 2 connection to the main site). Questions: Adjusting the AP discovery For this solution, you need to adjust how the controller discovers and manages APs at the main site. Explain what you must do. Rev

38 Implementing and Troubleshooting HP Wireless Networks Questions: Default VSC Explain how you can meet the company s requirements when you use the default VSC for the Guest WLAN. 1. Do you need to create a network profile? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? 2. Do you need to make any changes to the network infrastructure? If so, what are they? 3. What VSC settings do you need to change, if any? What VSC binding settings? 6 38 Rev

39 VLANs 4. How is the traffic flow for a wireless visitor connected at the main site different from the traffic flow described on the previous slide? (Again, assume that the user is authenticated.) Questions: Other VSC Explain how you can meet the company s requirements when you use another VSC for the Guest WLAN. 1. Do you need to create a network profile? If so, answer these questions: a. What are the profile settings (name and VLAN ID)? b. Where do you assign the network profile (mapped to a controller port, assigned as an ingress VLAN in a VSC, assigned as an egress VLAN in a VSC, or assigned as an egress network in a VSC binding; indicate all that apply)? c. Does the profile require an IP interface? If so, what are the requirements? Rev

40 Implementing and Troubleshooting HP Wireless Networks 2. Do you need to make any changes to the network infrastructure? 3. What VSC settings do you need to change, if any? What VSC binding settings? 4. How is the traffic flow for a wireless visitor connected at the main site different from the traffic flow described on the previous slide? (Again, assume that the user is authenticated.) 6 40 Rev

41 VLANs Alternatives: Implementing a similar solution on an MSM720 Figure 6-20: Alternatives: Implementing a similar solution on an MSM720 The figure displays a solution similar to the one that you planned earlier in the module. In this solution, however, the main site APs discover the controller at Layer 2, all of the their management traffic flowing directly to the MSM controller. Other APs discover the controller at Layer 3 on its Internet network IP address. The APs are already configured to forward employees traffic in VLAN 16 at the main site and VLAN 216 at site 2 (that is, the network profiles for these VLANs are specified in the appropriate AP group VSC bindings). The figure on the next page shows the set up in more detail. You must now plan how to set up a guest solution that allows visitors to connect wirelessly at the main site, wirelessly at site 2, and with Ethernet connections at the main site (unused ports are in VLAN 1). The controller will provide IP addresses to the guests, allow the guests to log in through its internal login pages, and prevent the guests from reaching any network resources until they log in. After the guests log in, they should be able to access the Internet only. You must plan how to implement this solution. Note Although the figure on the next page shows the MSM720 ports connected, you would assign the correct VLANs to the ports before connecting them. Rev

42 Implementing and Troubleshooting HP Wireless Networks Table 6-8: Corporate LAN VLANs, including guest VLAN/subnet VLAN purpose VLAN ID Default gateway Guests 1 (or none) /23 Management (infrastructure devices) /24 Users /23 Servers /24 APs /24 Internet /24 APs (site 2) /24 Users (site 2) /24 Questions Figure 6-21: MSM720 deployment 1. Will you use the default VSC or a different VSC for the guest VSC? 6 42 Rev

43 VLANs 2. Make a plan for creating network profiles, if necessary. Also plan how to assign profiles (new and existing) to the MSM720 trunks (link aggregation groups). 3. Do you need to create any new IP interfaces? If so, what are the appropriate settings? Do you need to adjust IP settings for existing IP interfaces? If so, how? 4. What VSC settings will you establish? What VSC binding settings? Rev

44 Implementing and Troubleshooting HP Wireless Networks 5. What additional MSM settings do you need to configure to ensure that guests receive IP addresses and that the controller can receive and forward their traffic? (You might configure additional settings for the guest solution, in general, but you do not need to list those.) 6. What changes do you need to make to the switch port VLAN assignments? 6 44 Rev

45 VLANs Lab Activity 6.1 Figure 6-22: Lab Activity 6.1 In Lab Activity 6.1, you will assign user-based VLANs to employees and also an egress VLAN to authenticated guests. You will explore the differences in the solutions. Rev

46 Implementing and Troubleshooting HP Wireless Networks Lab Activity 6.1 debrief Use the space below to record your key insights and challenges from Lab Activity 6.1. Table 6-9: Debrief for Lab Activity 6.1 Challenges Key Insights Use the space below to record your thoughts about various deployment strategies that you explored during Lab Activity 6.1. NOTES 6 46 Rev

47 VLANs Discussion topics Figure 6-23: Discussion topics Until now you have learned how to implement access-controlled solutions in which the MSM Controller acts as the DHCP server. Some enterprises, however, prefer to handle all IP assignments from their network DHCP servers. To meet this need, you configure DHCP relay. Rev

48 Implementing and Troubleshooting HP Wireless Networks Using DHCP relay for access-controlled clients Figure 6-24: Using DHCP relay for access-controlled clients To configure DHCP relay for access-controlled clients, you must enable DHCP relay globally from the Controller >> Network > Address allocation window. Select the option and click Configure. From that window, you configure the settings for DHCP as implemented on the untagged LAN port (or Access network) interface and the default VSC. You also choose whether to relay DHCP requests received on the untagged LAN port (or Access network), on client data tunnels to access-controlled VSCs, or both. When the controller relays a request, it includes its relay IP address: For requests received on the untagged LAN port (or Access network), this is the controller s IP address on that interface. This IP address is also the relay address for requests received on the default VSC. For requests received on other access-controlled VSCs, you specify an IP address and subnet mask. The controller creates a virtual IP interface for this IP address (just as it does for the gateway address for VSC DHCP server settings). Therefore, the same guidelines apply. The subnet must be unique (not defined on any other IP interface). The DHCP server scope for the subnet must specify the controller s relay address for the default gateway and for the DNS server IP address as well. Note You can specify external DNS servers, but this solution requires additional setup: An access list rule permits unauthenticated guests to send DNS requests to the server. The server resolves the controller s HTML authentication certificate subject name to the controller s untagged LAN port (or Access network) IP address. (When you use the controller as the DNS server, that is not required.) Just as when you use the DHCP server, the guest subnet generally does not exist in the wired infrastructure although the DHCP server does have a scope for it Rev

49 VLANs You learned two methods for routing traffic back to this virtual subnet in Module 5: Guest Solutions. You can implement NAT on the IP interfaces that forward traffic from the VSCs, or you can create routes in the wired infrastructure. When you use DHCP relay, you should use the route option. This is because the server sends the DHCP replies back to the relay IP address, which needs to be in the actual guest subnet. Create the route on the server s default gateway. On the controller, disable NAT on any IP interface that will forward guest traffic. Rev

50 Implementing and Troubleshooting HP Wireless Networks Resolving potential issues with the firewall Figure 6-25: Resolving potential issues with the firewall Sometimes a DHCP server sends pings to clients to determine whether it can assign a leased IP address to another client. You might need to adjust the controller s firewall, which is enabled by default, to allow these pings to reach access-controlled clients. Note that this firewall is different from the access lists, which apply to access-controlled clients before their traffic is routed out an interface. The firewall applies to traffic as it is routed out or in an IP interface. When necessary, follow this process to adjust: 1. Navigate to Controller >> Security > Firewall. 2. Select Custom Firewall and click Edit. 3. You might want to use the same rules enforced at the High setting as a baseline. These rules allow any outbound traffic from clients (that access lists have already allowed) except NetBIOS traffic. It drops inbound ICMP traffic and inbound traffic for new or invalid sessions. The table illustrates those in more detail. To quickly duplicate these rules, make sure that the Reset to list displays High. Then click Reset to. 4. You can then add your own rules by clicking Add New Rule. These rules include these components: Source IP address and mask (or Any) Destination IP address and mask (or Any) Direction (incoming from the protected network or outgoing from accesscontrolled clients) Action (accept or deny) Services (select the predefined service to permit or deny certain types of traffic) Stateful settings (allows you to define different actions based on, for example, whether traffic is part of an existing or new session) To create rules for allowing the necessary pings and ping replies, follow these steps: 6 50 Rev

51 VLANs a. When you clicked Add New Rule, a new window is displayed. b. For Source, type the DHCP server s IP address. c. For Source mask, type d. For Destination, leave ANY, or type the subnet address for the guests. If you choose the second option, type the guest subnet mask in the Destination Mask field. e. For Direction, select Input. f. For Action, select Accept. g. For Services, from the Presets list, select ICMP Echo. h. Click Add. i. Click Add New Rule to allow replies from the guest clients. j. For Source, leave ANY, or type the subnet address for the guests. If you choose the second option, type the guest subnet mask in the Source Mask field. k. For Destination, type the DHCP server s IP address. l. For Destination mask, type m. For Direction, select Output. n. For Action, select Accept. o. For Services, from the Presets list, select ICMP Echo Reply. p. Click Add. 5. You can also create other rules. When you have finished, click Save. Table 6-10: Rules for the Firewall at the preset High level Source Destination Service Protocol Direction Action Stateful ANY ANY Type: 5 ICMP In Drop Redirect, code: ANY ANY ANY In Drop Invalid, New ANY ANY NetBIOS TCP TCP Out Drop ANY ANY NetBIOS UDP UDP Out Drop Rev

52 Implementing and Troubleshooting HP Wireless Networks Extending the egress VLAN to access-controlled clients Figure 6-26: Extending the egress VLAN to access-controlled clients In all the options that you have examined, access-controlled clients have IP addresses in one subnet and the controller routes their traffic out another. As you have learned, an egress VLAN limits the forwarding interface but does not affect the subnet on which the client receives its IP address. You can, however, adjust an access-controlled solution so that the egress VLAN in the VSC functions more like an egress VLAN for nonaccess-controlled clients. That is, clients receive IP addresses in that VLAN although the controller still routes their traffic before the traffic reaches the egress VLAN s default gateway. Follow these guidelines: Apply the egress VLAN to unauthenticated clients in the VSC (as well as to authenticated clients). In the global DHCP relay settings, select the check box for extending the ingress interface to the egress interface. In the VSC DHCP relay settings, select the Extend to egress interface option. You can no longer specify the IP address and subnet mask. You also cannot specify the DHCP server in the relay settings. The MSM Controller simply forwards the request on the egress VLAN IP interface. If the DHCP server does not reside on that VLAN, the VLAN s default gateway in the network infrastructure must implement DHCP relay. Disable NAT on the egress VLAN IP interface. Because the egress VLAN already exists in the wired infrastructure, you do not need to create a route for it Rev

53 VLANs Follow the same guidelines indicated on the previous page for the DHCP pool. Set the MSM Controller s IP address for the default gateway and DNS server. This figure below illustrates how the controller applies the DHCP settings for this solution. You can compare this figure to Figure As you see, in this solution, the controller is the default gateway for clients in their subnet, but another routing device in the VLAN acts as the controller s default gateway. This device also implements DHCP relay to the server. Figure 6-27: DHCP communications when you extend the egress VLAN to access-controlled clients Rev

54 Implementing and Troubleshooting HP Wireless Networks Lab Activity 6.2 Figure 6-28: Lab Activity 6.2 You will next implement DHCP relay for access-controlled clients. Consult your Lab Guide for instructions for performing this activity Rev

55 VLANs Lab Activity 6.2 debrief Use the space below to record your key insights and challenges from Lab Activity 6.2. Table 6-11: Debrief for Lab Activity 6.2 Challenges Key Insights Use the space below to record your thoughts about various deployment strategies that you explored during Lab Activity 6.2. NOTES Rev

56 Implementing and Troubleshooting HP Wireless Networks Summary Figure 6-29: Summary In this module, you have put together everything that you have learned so far about planning VLANs and networks for your MSM solution: VLANs for managing the MSM Controller and APs VLANs for non-access-controlled clients Networks and VLANs for access-controlled clients You also learned how to relay access-controlled, or guest, clients DHCP requests to a network DHCP server. As part of this discussion, you learned how to extend DHCP relay onto an access-controlled VSC s egress VLAN. In this way, you can assign access-controlled clients IP addresses in the same VLAN in which their authenticated traffic is eventually routed Rev

57 VLANs Learning check Answer the following questions: 1. An MSM Controller acts as the RADIUS server for an employee VSC (using 802.1X) and a guest VSC (using Web-Auth). It has non-access-controlled account profiles for the employees and access-controlled-profiles for the guests. Both types of profiles assign egress VLANs. What are some differences between the VLANs? 2. You have set up DHCP relay on an access-controlled VSC. You specified as the subnet address and as the mask. What settings should the DHCP scope on the external DHCP server include? Rev

58 Implementing and Troubleshooting HP Wireless Networks PAGE INTENTIONALLY LEFT BLANK 6 58 Rev

Configuring Network Address Translation (NAT)

Configuring Network Address Translation (NAT) 8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and

More information

NETGEAR ProSAFE WC7520 Wireless Controller

NETGEAR ProSAFE WC7520 Wireless Controller NETGEAR ProSAFE WC7520 Wireless Controller Confi guring Offi ce and Guest SSIDs Using a Layer 3 Switch on Separate Layer 3 Subnets APPLICATION NOTES INTRODUCTION Business environments are dynamic in nature,

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs CompTIA Network+ N10 005 Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs Domain 1.0: Network Concepts 1.1 Compare the layers of the OSI and TCP/IP Models TCP/IP Model Layer Matching

More information

Wireless Edge Services xl Module 2.0 Update NPI Technical Training June 2007

Wireless Edge Services xl Module 2.0 Update NPI Technical Training June 2007 ProCurve Wireless Edge Services xl Module v.2 Software NPI Technical Training NPI Technical Training Version: 1.5 12 June 2007 2007 Hewlett-Packard Development Company, L.P. The information contained herein

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

Computer Networks I Laboratory Exercise 1

Computer Networks I Laboratory Exercise 1 Computer Networks I Laboratory Exercise 1 The lab is divided into two parts where the first part is a basic PC network TCP/IP configuration and connection to the Internet. The second part is building a

More information

Optimum Business SIP Trunk Set-up Guide

Optimum Business SIP Trunk Set-up Guide Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need

More information

Topic 7 DHCP and NAT. Networking BAsics.

Topic 7 DHCP and NAT. Networking BAsics. Topic 7 DHCP and NAT Networking BAsics. 1 Dynamic Host Configuration Protocol (DHCP) IP address assignment Default Gateway assignment Network services discovery I just booted. What network is this? What

More information

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) 100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.

More information

Aruba Instant IAP Setup Notes June 2012 Version 3

Aruba Instant IAP Setup Notes June 2012 Version 3 Aruba Instant IAP Setup Notes June 2012 Version 3 Aruba Instant (or IAP) is a simple to deploy turn-key WLAN solution consisting of one or more access points. As long as you have an Ethernet port with

More information

Meraki MX60 Hardware Installation Guide

Meraki MX60 Hardware Installation Guide Meraki MX60 Hardware Installation Guide August 2011 Copyright 2010, Meraki, Inc. www.meraki.com 660 Alabama St. San Francisco, California 94110 Phone: +1 415 632 5800 Fax: +1 415 632 5899 Copyright: 2010

More information

ProCurve Switch 1700-8 ProCurve Switch 1700-24

ProCurve Switch 1700-8 ProCurve Switch 1700-24 Management and Configuration Guide ProCurve Switch 1700-8 ProCurve Switch 1700-24 www.procurve.com ProCurve Series 1700 Switch Management and Configuration Guide Copyright 2007 Hewlett-Packard Development

More information

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup 1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already

More information

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

WiNG5 CAPTIVE PORTAL DESIGN GUIDE WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated

More information

Wireless Local Area Networks (WLANs)

Wireless Local Area Networks (WLANs) 4 Wireless Local Area Networks (WLANs) Contents Overview...................................................... 4-3 Configuration Options: Normal Versus Advanced Mode.............. 4-4 Normal Mode Configuration..................................

More information

NBG2105. User s Guide. Quick Start Guide. Wireless Mini Travel Router. Default Login Details. Version 1.00 Edition 1, 11/2012

NBG2105. User s Guide. Quick Start Guide. Wireless Mini Travel Router. Default Login Details. Version 1.00 Edition 1, 11/2012 NBG2105 Wireless Mini Travel Router Version 1.00 Edition 1, 11/2012 Quick Start Guide User s Guide LAN IP Address Default Login Details 192.168.1.1 (Router Mode) 192.168.1.2 (Other Modes) Passwordwww.zyxel.com

More information

Cisco CME Network Parameters

Cisco CME Network Parameters Cisco CME Network Parameters Auxiliary VLANs This topic describes auxiliary VLANs. Auxiliary VLANs Prevent unnecessary IP address renumbering Simplifies Quality of Service (QoS) configurations Separates

More information

RAP Installation - Updated

RAP Installation - Updated RAP Installation - Updated August 01, 2012 Aruba Controller Release 6.1.3.2 The Controller has several wizards that can guide you through a variety of configuration processes. On the Configuration tab

More information

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance CHAPTER 5 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance This chapter describes how to configure the switch ports and VLAN interfaces of the ASA 5505 adaptive

More information

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

Wireless LAN Controller Web Authentication Configuration Example

Wireless LAN Controller Web Authentication Configuration Example Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process

More information

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent? What is Network Agent? Websense Network Agent software monitors all internet traffic on the machines that you assign to it. Network Agent filters HTTP traffic and more than 70 other popular internet protocols,

More information

UTM (Unified Threat Management) in a multi-ssid multi-vlan network with traffic separation

UTM (Unified Threat Management) in a multi-ssid multi-vlan network with traffic separation UTM (Unified Threat Management) in a multi-ssid multi-vlan network with traffic separation This document describes the steps to undertake in configuring a UTM 10 (Firmware version 1.0.16-0) and a WNDAP330

More information

Network Agent Quick Start

Network Agent Quick Start Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense

More information

HP ProCurve 1800 Switches. Management and Configuration Guide

HP ProCurve 1800 Switches. Management and Configuration Guide HP ProCurve 1800 Switches Management and Configuration Guide July 2009 HP ProCurve 1800 Switches Management and Configuration Guide Copyright 2006, 2009 Hewlett-Packard Development Company, L.P. The information

More information

VDSL Hospitality Setup Guide. For 100+ Rooms

VDSL Hospitality Setup Guide. For 100+ Rooms VDSL Hospitality Setup Guide For 100+ Rooms Table of Contents Table of Contents...2 Getting Started...3 What is the network topology in the hotel?... 3 How to integrate the VSG-1200, ES-3024 and VLC1124L...

More information

Application Note Gigabit Ethernet Port Modes

Application Note Gigabit Ethernet Port Modes Application Note Gigabit Ethernet Port Modes Application Note Gigabit Ethernet Port Modes Table of Contents Description... 3 Benefits... 4 Theory of Operation... 4 Interaction with Other Features... 7

More information

Configuring a Net2 plus using TCP/IP

Configuring a Net2 plus using TCP/IP Server Link 00 0 0/00 Ethernet Server Link 00 0 0/00 Ethernet Server Link 00 0 0/00 Ethernet Server Link 00 0 0/00 Ethernet Intruder Intruder Intruder Intruder Server Link 00 0 0/00 Ethernet Server Link

More information

Network Address Translation on a Stick

Network Address Translation on a Stick Network Address Translation on a Stick Document ID: 6505 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Example 1 Network Diagram and Configuration

More information

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall This document describes how to: - Create multiple routing VLANs - Obtain Internet access on

More information

ASA NAT Configuration: Webserver in the DMZ in ASA Version 8.3 and later

ASA NAT Configuration: Webserver in the DMZ in ASA Version 8.3 and later ASA NAT Configuration: Webserver in the DMZ in ASA Version 8.3 and later Document ID: 115904 Contributed by Magnus Mortensen, Cisco TAC Engineer. Feb 11, 2013 Contents Introduction Prerequisites Requirements

More information

Application Note Startup Tool - Getting Started Guide

Application Note Startup Tool - Getting Started Guide Application Note Startup Tool - Getting Started Guide 1 April 2012 Startup Tool Table of Contents 1 INGATE STARTUP TOOL... 1 2 STARTUP TOOL INSTALLATION... 2 3 CONNECTING THE INGATE FIREWALL/SIPARATOR...

More information

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels This article provides a reference for deploying a Barracuda Link Balancer under the following conditions: 1. 2. In transparent (firewall-disabled)

More information

The information in this document is based on an ASA 5510 firewall that runs ASA code version 9.1(1).

The information in this document is based on an ASA 5510 firewall that runs ASA code version 9.1(1). Contents Introduction Prerequisites Requirements Components Used Overview Goals Access Control List Overview NAT Overview Configure Get Started Topology Step 1 - Configure NAT to Allow Hosts to Go Out

More information

Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs

Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs How To Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs Introduction In a large network where internal users cannot be trusted, it is nearly impossible to stop a host from

More information

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet

More information

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your

More information

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW)

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW) Page 1 of 20 Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW) Document ID: 50036 Contents Introduction Prerequisites Requirements Components Used Network Diagram The Role of Switched

More information

Abstract. MEP; Reviewed: GAK 10/17/2005. Solution & Interoperability Test Lab Application Notes 2005 Avaya Inc. All Rights Reserved.

Abstract. MEP; Reviewed: GAK 10/17/2005. Solution & Interoperability Test Lab Application Notes 2005 Avaya Inc. All Rights Reserved. Configuring Single Instance Rapid Spanning Tree Protocol (RSTP) between an Avaya C360 Converged Switch and HP ProCurve Networking Switches to support Avaya IP Telephony Issue 1.0 Abstract These Application

More information

Troubleshooting the Firewall Services Module

Troubleshooting the Firewall Services Module CHAPTER 25 This chapter describes how to troubleshoot the FWSM, and includes the following sections: Testing Your Configuration, page 25-1 Reloading the FWSM, page 25-6 Performing Password Recovery, page

More information

VMware vcloud Air Networking Guide

VMware vcloud Air Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and

More information

SSVP SIP School VoIP Professional Certification

SSVP SIP School VoIP Professional Certification SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover

More information

Troubleshooting the Firewall Services Module

Troubleshooting the Firewall Services Module 25 CHAPTER This chapter describes how to troubleshoot the FWSM, and includes the following sections: Testing Your Configuration, page 25-1 Reloading the FWSM, page 25-6 Performing Password Recovery, page

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

estadium Project Lab 8: Wireless Mesh Network Setup with DD WRT

estadium Project Lab 8: Wireless Mesh Network Setup with DD WRT estadium Project Lab 8: Wireless Mesh Network Setup with DD WRT Objectives To become familiar with wireless mesh networks and show set up a wireless mesh network test bed using the DD WRT firmware. We

More information

BASIC ANALYSIS OF TCP/IP NETWORKS

BASIC ANALYSIS OF TCP/IP NETWORKS BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks

More information

GregSowell.com. Mikrotik Basics

GregSowell.com. Mikrotik Basics Mikrotik Basics Terms Used Layer X When I refer to something being at layer X I m referring to the OSI model. VLAN 802.1Q Layer 2 marking on traffic used to segment sets of traffic. VLAN tags are applied

More information

Technical White Paper

Technical White Paper Instant APN Technical White Paper Introduction AccessMyLan Instant APN is a hosted service that provides access to a company network via an Access Point Name (APN) on the AT&T mobile network. Any device

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings . Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It

More information

vsphere Networking ESXi 5.0 vcenter Server 5.0 EN-000599-01

vsphere Networking ESXi 5.0 vcenter Server 5.0 EN-000599-01 ESXi 5.0 vcenter Server 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

SonicOS Enhanced 5.7.0.2 Release Notes

SonicOS Enhanced 5.7.0.2 Release Notes SonicOS Contents Platform Compatibility... 1 Key Features... 2 Known Issues... 3 Resolved Issues... 4 Upgrading SonicOS Enhanced Image Procedures... 6 Related Technical Documentation... 11 Platform Compatibility

More information

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port 1. VLAN Overview 2. VLAN Trunk 3. Why use VLANs? 4. LAN to LAN communication 5. Management port 6. Applications 6.1. Application 1 6.2. Application 2 6.3. Application 3 6.4. Application 4 6.5. Application

More information

Penn State Wireless 2.0 and Related Services for Network Administrators

Penn State Wireless 2.0 and Related Services for Network Administrators The following document provides details about the operation and configuration parameters for Penn State Wireless 2.0 and Visitor Wireless. It is intended for Penn State network administrators who are considering

More information

Cisco TrustSec How-To Guide: Guest Services

Cisco TrustSec How-To Guide: Guest Services Cisco TrustSec How-To Guide: Guest Services For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 2 Introduction...

More information

Multi-Homing Security Gateway

Multi-Homing Security Gateway Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

More information

Cisco Expressway Basic Configuration

Cisco Expressway Basic Configuration Cisco Expressway Basic Configuration Deployment Guide Cisco Expressway X8.1 D15060.03 August 2014 Contents Introduction 4 Example network deployment 5 Network elements 6 Internal network elements 6 DMZ

More information

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R OSBRiDGE 5XLi Configuration Manual Firmware 3.10R 1. Initial setup and configuration. OSBRiDGE 5XLi devices are configurable via WWW interface. Each device uses following default settings: IP Address:

More information

Installation of the On Site Server (OSS)

Installation of the On Site Server (OSS) Installation of the On Site Server (OSS) rev 1.1 Step #1 - Initial Connection to the OSS Having plugged in power and an ethernet cable in the eth0 interface (see diagram below) you can connect to the unit

More information

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance CHAPTER 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance This chapter describes how to configure the switch ports and VLAN interfaces of the ASA 5505 adaptive

More information

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 COURSE OVERVIEW: Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 is a five-day, instructor-led training course that teaches learners

More information

Configuring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1.

Configuring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1. Configuring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1.0 Abstract These Application Notes describe how to configure the Avaya

More information

Chapter 11 Network Address Translation

Chapter 11 Network Address Translation Chapter 11 Network Address Translation You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses

More information

CCT vs. CCENT Skill Set Comparison

CCT vs. CCENT Skill Set Comparison Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification

More information

ZULTYS. Optimum Business Trunking and the Zultys MX250 IP PBX Configuration Guide

ZULTYS. Optimum Business Trunking and the Zultys MX250 IP PBX Configuration Guide ZULTYS Optimum Business Trunking and the Zultys MX250 IP PBX Configuration Guide ZULTYS Table of Contents 1. Overview 2. SIP Trunk Adaptor Set-up Instructions 3. Additional Set-up Information 4. International

More information

Top-Down Network Design

Top-Down Network Design Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,

More information

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

Chapter 2 Connecting the FVX538 to the Internet

Chapter 2 Connecting the FVX538 to the Internet Chapter 2 Connecting the FVX538 to the Internet Typically, six steps are required to complete the basic connection of your firewall. Setting up VPN tunnels are covered in Chapter 5, Virtual Private Networking.

More information

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting... Global VPN Client SonicWALL Global VPN Client 4.7.3 Release Notes Contents Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting... 4

More information

IP Filter/Firewall Setup

IP Filter/Firewall Setup IP Filter/Firewall Setup Introduction The IP Filter/Firewall function helps protect your local network against attack from outside. It also provides a method of restricting users on the local network from

More information

Interconnecting Cisco Network Devices 1 Course, Class Outline

Interconnecting Cisco Network Devices 1 Course, Class Outline www.etidaho.com (208) 327-0768 Interconnecting Cisco Network Devices 1 Course, Class Outline 5 Days Interconnecting Cisco Networking Devices, Part 1 (ICND1) v2.0 is a five-day, instructorled training course

More information

Dell Networking N2024: Quick Setup Guide

Dell Networking N2024: Quick Setup Guide Dell Networking N2024: Quick Setup Guide Version 1.0 Table of Contents Introduction...2 About the Dell Networking N2024...2 About the HC3 Cluster...2 Software Requirements for this Application Note...2

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

Networking Guide Redwood Manager 3.0 August 2013

Networking Guide Redwood Manager 3.0 August 2013 Networking Guide Redwood Manager 3.0 August 2013 Table of Contents 1 Introduction... 3 1.1 IP Addresses... 3 1.1.1 Static vs. DHCP... 3 1.2 Required Ports... 4 2 Adding the Redwood Engine to the Network...

More information

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering?

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering? FAQs: MATRIX NAVAN CNX200 Q: How to configure port triggering? Port triggering is a type of port forwarding where outbound traffic on predetermined ports sends inbound traffic to specific incoming ports.

More information

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent? What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters

More information

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited Presentation Agenda Peplink Balance Pepwave MAX Features

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.

More information

H0/H2/H4 -ECOM100 DHCP & HTML Configuration. H0/H2/H4--ECOM100 DHCP Disabling DHCP and Assigning a Static IP Address Using HTML Configuration

H0/H2/H4 -ECOM100 DHCP & HTML Configuration. H0/H2/H4--ECOM100 DHCP Disabling DHCP and Assigning a Static IP Address Using HTML Configuration H0/H2/H4 -ECOM100 DHCP & HTML 6 H0/H2/H4--ECOM100 DHCP Disabling DHCP and Assigning a Static IP Address Using HTML 6-2 H0/H2/H4 -ECOM100 DHCP DHCP Issues The H0/H2/H4--ECOM100 is configured at the factory

More information

GregSowell.com. Mikrotik Security

GregSowell.com. Mikrotik Security Mikrotik Security IP -> Services Disable unused services Set Available From for appropriate hosts Secure protocols are preferred (Winbox/SSH) IP -> Neighbors Disable Discovery Interfaces where not necessary.

More information

Configuring a customer owned router to function as a switch with Ultra TV

Configuring a customer owned router to function as a switch with Ultra TV Configuring a customer owned router to function as a switch with Ultra TV This method will turn the customer router into a wireless switch and allow the Ultra Gateway to perform routing functions and allow

More information

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1 Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the

More information

Talk2M Free+ Remote-Access Connectivity Solution for ewon COSY devices. Getting Started Guide

Talk2M Free+ Remote-Access Connectivity Solution for ewon COSY devices. Getting Started Guide Talk2M Free+ Remote-Access Connectivity Solution for ewon COSY devices Getting Started Guide Page 1 of 36 mac-solutions.co.uk DSH : v3 OCT 2014 INTRODUCTION... 3 HARDWARE AND SOFTWARE REQUIREMENTS... 5

More information

Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX

Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX NOTE: This is an advisory document to be used as an aid to resellers and IT staff looking to use the Edgewater 4550 in conjunction with

More information

Technical Service Bulletin

Technical Service Bulletin Wireless Handoff/Fast Roaming/802.11rk This powerful feature, known in Araknis products as Fast Roaming, is essential for building reliable Wi-Fi networks with multiple access points. After a client joins

More information

Chapter 5 Customizing Your Network Settings

Chapter 5 Customizing Your Network Settings Chapter 5 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax NEXT Wireless Router WNR834B, including LAN, WAN, and routing settings.

More information

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Document ID: 69632 Introduction Prerequisites Requirements Components Used Conventions Background Information Configure

More information

Configuring the Cisco IOS DHCP Relay Agent

Configuring the Cisco IOS DHCP Relay Agent Configuring the Cisco IOS DHCP Relay Agent Last Updated: July 27, 2012 All Cisco routers that run Cisco software include a DHCP server and the relay agent software. A DHCP relay agent is any host or IP

More information

ProSAFE 8-Port and 16-Port Gigabit Click Switch

ProSAFE 8-Port and 16-Port Gigabit Click Switch ProSAFE 8-Port and 16-Port Gigabit Click Switch Model GSS108E and GSS116E User Manual March 2015 202-11520-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for selecting NETGEAR products.

More information

A Addendum to LCOS-Version 7.20

A Addendum to LCOS-Version 7.20 Overview A A.1 Overview This addendum describes the new functions with LCOS version 7.20 and the modifications since release 6.30: Advanced routing and forwarding Defining networks and assigning interfaces

More information

N150 WiFi DSL Modem Router Essentials Edition. N300 WiFi DSL Modem Router Essentials Edition

N150 WiFi DSL Modem Router Essentials Edition. N300 WiFi DSL Modem Router Essentials Edition N150 WiFi DSL Modem Router Essentials Edition Model D500 N300 WiFi DSL Modem Router Essentials Edition Model D1500 User Manual August 2014 202-11390-01 350 East Plumeria Drive San Jose, CA 95134 USA Support

More information

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface. Quick Note 53 Ethernet to W-WAN failover with logical Ethernet interface. Digi Support August 2015 1 Contents 1 Introduction... 2 1.1 Introduction... 2 1.2 Assumptions... 3 1.3 Corrections... 3 2 Version...

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

nexvortex Setup Template

nexvortex Setup Template nexvortex Setup Template ZULTYS, INC. April 2013 5 1 0 S P R I N G S T R E E T H E R N D O N V A 2 0 1 7 0 + 1 8 5 5. 6 3 9. 8 8 8 8 Introduction This document is intended only for nexvortex customers

More information

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4 1. APPLE AIRPORT EXTREME 1.1 Product Description The following are device specific configuration settings for the Apple Airport Extreme. Navigation through the management screens will be similar but may

More information

Monitoring and Analyzing Switch Operation

Monitoring and Analyzing Switch Operation B Monitoring and Analyzing Switch Operation Contents Overview..................................................... B-3....................................... B-4 Menu Access To Status and Counters.........................

More information